READ THIS before you upgrade to 11.3, if you have GELI-encrypted pools!

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,398
This is in the Known Impacts section of the Release Notes at https://www.ixsystems.com/blog/library/freenas-11-3-release/.

The system no longer allows moving the system dataset to an encrypted pool containing a passphrase. Since Directory Services and some SMB state information is stored in the system dataset, these services will not function correctly if the system dataset is locked or otherwise unavailable. It is recommended to move the system dataset to a non-encrypted pool or an encrypted pool not containing a passphrase.​
To be on the safe side, remove passphrases, and generate a new recovery key for all GELI-encrypted pools BEFORE upgrading. Too many folks have been bitten by this and lost their pools.
 
Last edited:

urza

Dabbler
Joined
Mar 17, 2019
Messages
38
Hi, may I just ask, by system pool you mean the Boot pool?
I have Boot pool (unencrypted) where FreeNAS is installed (it is just one smaller ssd disk) and then I have "ssdpool" (two other ssds in mirror) where I have jails, plugins etc. This second "ssdpool" is encrypted with passphrase.
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,398
No, the system dataset resides where you put it, under System->System Dataset. This is the pool for which there can't be any passphrase before upgrading to 11.3.
 

urza

Dabbler
Joined
Mar 17, 2019
Messages
38
Oh, thanks for clarification. So unfortunately, my system dataset is in my ecrypted "ssdpool". :eek:
Damn.. I will probably stay on 11.2 for now..
 
Joined
Aug 9, 2020
Messages
3
So I upgraded to 11.3 was multitasking and did not see the read this beforeI clicked update. Is there any way to get my data back?
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,398
So I upgraded to 11.3 was multitasking and did not see the read this beforeI clicked update. Is there any way to get my data back?

Reboot back into your previous boot environment.
 

Constantin

Vampire Pig
Joined
May 19, 2017
Messages
1,828
FWIW, I have had no issues whatsoever with my passphrase-encrypted pool on 11.3-U4. But I only run AFP here, no SMB or LDAP / Directory services. Am I just lucky?

FWIW, I don't see myself transitioning to SMB anytime soon either since OSX still supports AFP and AFP can handle longer file name paths and a wider array of characters than SMB. (at least the last time I tried). While FreeNAS does a good job of keeping the original directory names and so on in the data pool, the files as presented via SMB on the Mac are frequently mangled once you go beyond the usual 26 letters in the English language. This may be as much a implementation problem with SMB on the Mac as it is with SAMBA in general, however.
 
Last edited:

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,398
Go to System->Boot, and click the 3 dots next to your previous boot environment. Select Activate to make it the boot environment to be used on the next reboot.
 
Joined
Aug 9, 2020
Messages
3
Go to System->Boot, and click the 3 dots next to your previous boot environment. Select Activate to make it the boot environment to be used on the next reboot.
Excellent! thankyou so much.
 

rmccullough

Patron
Joined
May 17, 2018
Messages
269
How can I tell if I have a GELI-encrypted pool? It does look like my System Data set is on my main pool and not the boot pool.
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,398
How can I tell if I have a GELI-encrypted pool? It does look like my System Data set is on my main pool and not the boot pool.

Do you see *.eli members of your pool when you run zpool status <name of your main pool>? If so, then your pool is GELI-encrypted.
 
Top